HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Tips/Tricks/Mods (http://www.howtoforge.com/forums/forumdisplay.php?f=19)
-   -   HowTo install ISPConfig on a STRATO-Server with Debian 3.1 (http://www.howtoforge.com/forums/showthread.php?t=3781)

TobiasTM 18th April 2006 23:53

HowTo install ISPConfig on a STRATO-Server with Debian 3.1
 
Based and abuttet to the HowTo - The Perfect Setup Debian Sarge (3.1) - of Falko Timme I wrote this HowTo for STRATO-Server, because Strato has some specifics in itīs Debian Sarge (3.1) - Image. :o

Let me say first: This is one way of many possible, but I try this more than one time and it works.
Anyway I must say to you, too -> If you use this HowTo you do it on your own risk ! You will lose all Files on the Strato-Server, īcause we start with a brandnew installation of the Debian-Image !
If you have question mail me or send me a PM.

If you want to have it in german language please mail me, too.
>>Wer diese Anleitung auf deutsch haben möchte, muss mir nur eine eMail oder PN schreiben.<<

You will need:
  • a Strato - Dedicatet Server
  • WinSCP3 and Putty or similar software on your computer at home

We use (based on the HowTo by Falko Timme) for the Server:
  • Apache 2 as web-server
  • Postfix as mailserver
  • Courier-POP3 and Courier-IMAP for eMail, too
  • BIND as DNS-server
  • proftpd as FTP-server
  • Webalizer for statistics

STEP 1
Install a new Debian-Image 3.1 with the Strato-Konfigurationsmenü
  • ->Serverkonfiguration
  • ->Neuinstallation
  • mark the Box and
  • choose Debian GNU/Linux 3.1 für Profis
  • click on weiter
  • fill in the code you will see
Donīt forget: You will lose all Files on the Strato-Server, īcause we start with a brandnew installation of the Debian-Image !
  • click on weiter
  • wait until you get the eMail from Strato that the reinstallation is finished.

STEP 2
Update the Debian Sarge Image
  • login your server as root by Putty
  • copy here the code and paste it in Putty
  • follow the instructions
Code:

apt-get update
If youīre asked that you want to stop now, īcause a new kernell will be installed answer with no.
But donīt forget to reboot your server after this upgrade.
Code:

apt-get dist-upgrade
Code:

apt-get upgrade
(If someone said, that this is to much update and -grade, let me first answer:
I try it many times and it works everytime a little bit other - and rather one time often than one time too little.)


STEP 3
Add some more nameservers
  • open and edit the file /etc/resolv.conf
  • add some more nameservers (only if you want)
Code:

nameserver 81.169.163.104
nameserver 81.169.163.106
search serverkompetenz.net
nameserver ip.number.from.another

STEP 4
Setting the hostname
Instead of server1.example.com put in your real serverdomain (h12345.serverkompetenz.net)
Code:

echo server1.example.com > /etc/hostname
/bin/hostname -F /etc/hostname

STEP 5
Install needed and missing software and remove unneeded software
Code:

apt-get install make gcc wget flex bzip2 rdate fetchmail libdb3++-dev unzip zip ncftp xlispstat libarchive-zip-perl zlib1g-dev libpopt-dev nmap openssl lynx fileutils
Answer the questions with the default answers.
Code:

update-rc.d -f exim remove
update-inetd --remove daytime
update-inetd --remove telnet
update-inetd --remove time
update-inetd --remove finger
update-inetd --remove talk
update-inetd --remove ntalk
update-inetd --remove ftp
update-inetd --remove discard
/etc/init.d/inetd reload

STEP 6
Install and configure quota
Code:

apt-get install quota quotatool
Answer the question with no.
  • open and edit the file /etc/fstab
Code:

# /etc/fstab: static file system information.
#
# file system    mount point    type    options                  dump pass
/dev/sda1        /boot          ext2    nosuid,nodev            0    2
/dev/sda2        none          swap    sw                      0    0
/dev/sda3        /              ext3    defaults,errors=remount-ro,usrquota,grpquota 0      1
proc              /proc          proc    defaults                0    0

  • run the following steps:
Code:

touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

STEP 7
Install and configure bind9 the DNS-Server
Code:

apt-get install bind9
/etc/init.d/bind9 stop

  • open and edit the file /etc/default/bind9
Code:

OPTIONS="-u bind -t /var/lib/named"
  • run the following steps:
Code:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
mv /etc/bind /var/lib/named/etc
ln -s /var/lib/named/etc/bind /etc/bind
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

  • open and edit the file /etc/init.d/sysklogd.
    But only the line SYSLOGD=""
Code:

SYSLOGD="-a /var/lib/named/dev/log"
  • run the following steps:
Code:

/etc/init.d/sysklogd restart
/etc/init.d/bind9 start

  • open and check the file /var/log/syslog for any errors in the last few lines.

STEP 8
Install and configure MySQL
Code:

apt-get install mysql-server mysql-client libmysqlclient12-dev
mysqladmin -u root password replacethiswithyourrootmysqlpassword
netstat -tap

Now you should see something like:
tcp 0 0 localhost:mysql *:* LISTEN 3133/mysqld


STEP 9
Install and configure Postfix the mail-server with POP3/IMAP
  • run the following steps:
Code:

apt-get install postfix postfix-tls procmail libsasl2 sasl2-bin libsasl2-modules ipopd-ssl uw-imapd-ssl
Answer the questions in following steps:
  • yes
  • pop3 and pop3s
  • no
  • imap2/imaps
  • no
  • Internet Site
  • NONE
  • h12345.serverkompetenz.net
  • h12345.serverkompetenz.net, localhost.serverkompetenz.net, localhost
  • no
  • 127.0.0.0/8
  • 0
  • +
  • yes
Run the following steps:
Code:

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf

For secure email-transport run the following steps:
Code:

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

answer all the questions
Code:

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'

/etc/init.d/postfix restart

mkdir -p /var/spool/postfix/var/run/saslauthd

  • open and edit the file /etc/default/saslauthd that it looks like this:
Code:

# This needs to be uncommented before saslauthd will be run automatically
START=yes

PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"


# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"

  • open file /etc/init.d/saslauthd and edit the PIDFILE-Entry that it looks like this:
Code:

PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"
Run the following step:
Code:

/etc/init.d/saslauthd start
Create the new file /etc/c-client.cf with following content:
Code:

I accept the risk
set disable-plaintext 0

Run the following few steps:
Code:

/etc/init.d/inetd restart
telnet localhost 25
quit

If you can see the lines
250-STARTTLS
250-AUTH LOGIN PLAIN

everything is fine.


STEP 10
Install and configure Courier for Maildir-support
Run the following step:
Code:

apt-get install courier-imap courier-imap-ssl courier-pop courier-pop-ssl
Answer the questions in following steps:
  • no
  • Maildir (ok)
  • OK
Run the following steps:
Code:

postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart

Donīt forget to enable the Maildir-Support in ISPConfig-Menu !

TobiasTM 19th April 2006 01:22

STEP 11
Install and configure Apache - the server

Run the following steps:
Code:

apt-get install apache2 apache2-doc
apt-get install libapache2-mod-php4 libapache2-mod-perl2 php4 php4-cli php4-common php4-curl php4-dev php4-domxml php4-gd php4-imap php4-ldap php4-mcal php4-mhash php4-mysql php4-odbc php4-pear php4-xslt curl libwww-perl imagemagick

Answer all questions with yes
  • open and edit the file /etc/apache2/apache2.conf.
    But only the line DirectoryIndex index.html index.cgi index.pl index.php index.xhtml
Code:

DirectoryIndex index.html index.htm index.shtml index.cgi index.php
  • open the file /etc/mime.types.
  • comment out the following lines (with #):
Code:

#application/x-httpd-php                        phtml pht php
#application/x-httpd-php-source                phps
#application/x-httpd-php3                      php3
#application/x-httpd-php3-preprocessed          php3p
#application/x-httpd-php4                      php4

  • open the file /etc/apache2/mods-enabled/php4.conf.
  • comment out the following lines (with #):
Code:

<IfModule mod_php4.c>
#  AddType application/x-httpd-php .php .phtml .php3
#  AddType application/x-httpd-php-source .phps
</IfModule>

  • open the file /etc/apache2/ports.conf.
  • add the line Listen 443:
Code:

Listen 80
Listen 443

  • run the following steps:
Code:

a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include
/etc/init.d/apache2 restart

STEP 12
Install and configure ProFTPd - the ftp-server
  • run the following step:
Code:

apt-get install proftpd
Answer the question with initd.
  • open the file /etc/proftpd.conf.
  • add the following lines:
Code:

DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."

  • run the following step:
Code:

/etc/init.d/proftpd restart
STEP 13
Install and Webalizer - the Logfile-analyzer
  • run the following step:
Code:

apt-get install webalizer
Answer the questions in following steps:
  • /var/www/webalizer
  • Usage Statistics for
  • /var/log/apache/access.log.1

STEP 14
Install some Perl-modules
  • run the following step:
Code:

perl -MCPAN -e shell
Answer the question with no !
  • go ahead by running the following steps:
Code:

install HTML::Parser
install DB_File
install Net::DNS
q
apt-get install libdigest-sha1-perl libnet-dns-perl libpoe-component-client-dns-perl razor libio-socket-inet6-perl libdb-file-lock-perl libarchive-tar-perl

If there comes a question with test answer with no.
The other questions with yes.

Here is the rest you waited for: ;)

STEP 15
Install and configure ISPConfig
  • run the following steps:
Code:

cd /root
wget typeinhereyourfavoritemirror
tar xvfz ISPConfig-2.2.7.tar.gz
cd install_ispconfig
./setup

Answer the questions like that:
  • pleasemakeyourownchoise
  • y
  • y
  • 1
  • y
  • y

And know you have to wait...and pray :p

The next few questions you have to answer like this:
(these questions are for the SSL-Server-certificates)
  • R
  • typeinhereyourcountrycode-like-DE or US or UK...
  • typeinhereyourstate
  • typeinhereyourcity
  • typeinhereyourorganizationname
  • typeinhereyourorganizationunitname
  • typeinhereyourname
  • typeinhereyouremailadress
  • 3650 (this mean your certificate validity is 10 years)
  • 3
  • typeinhereyourcountrycode-like-DE or US or UK...
  • typeinhereyourstate
  • typeinhereyourcity
  • typeinhereyourorganizationname
  • typeinhereyourorganizationunitname
  • typeinhereyourinternetadress
  • typeinhereyouremailadress
  • 3650 (this mean your certificate validity is 10 years)
  • 3
  • n (! in step 7 of the setup)
  • n (! in step 8 of the setup)

And know you have to wait...and pray again, īcause it can take a little while :D

Now there comes some questions needed by Spamassassin:
  • typeinhereatext

Last there are some questions about the configuration.
Answer it like the following:
  • localhost
  • root
  • typeinhereyourmysqlpassword
  • db_ispconfig (itīs the default)
  • typeinhereyourserverIP like 85.123.456.789
  • [I]h123456
  • serverkompetenz.net
  • 1 (itīs more secure with SSL)

Thatīs it - if you donīt see any ERROR-Message -> CONGRATIOLATIONS

FryShadow 29th April 2006 20:38

we will waiting for your tutorial.. thanks anyway

TobiasTM 28th June 2006 01:45

So - thatīs it... :D

The tutorial for the HowToForge I will edit in next time ;)
Have a lot of fun with ISPconfig !

If you find an error in my HowTo, please mail me or send me a private message.

TobiasTM 22nd July 2006 00:03

The HowTo is finished !

You can see it here.

I will keep it up-to-date.

TobiasTM 13th October 2006 00:03

Iīve updated the HowTo and the complete Thread in here.

Have a lot of Fun with it ;)

eLKane 27th November 2006 12:59

Step 8:
i type "netstat -tap"

Code:

Aktive Internetverbindungen (Server und stehende Verbindungen)
Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name
tcp        0      0 h1095988.serverk:domain *:*                    LISTEN    11445/named
tcp        0      0 localhost:domain        *:*                    LISTEN    11445/named
tcp        0      0 localhost:953          *:*                    LISTEN    11445/named
tcp        0      0 localhost:smtp          *:*                    LISTEN    601/exim4
tcp6      0      0 *:ssh                  *:*                    LISTEN    9061/sshd
tcp6      0      0 localhost:953          *:*                    LISTEN    11445/named
tcp6      0      0 h1095988.serverkomp:ssh p54AFBC7C.dip0.t-:65038 VERBUNDEN  8211/0
tcp6      0    908 h1095988.serverkomp:ssh p54AFBC7C.dip0.t-:65039 VERBUNDEN  8213/1

There is nothing like "tcp 0 0 localhost:mysql *:* LISTEN 3133/mysqld"

Server: Strato PowerServer Debian 3.1

[ EDIT:
Edit /etc/my.cnf
comment out skip-networking
bind-address = 127.0.0.1

eLKane 27th November 2006 16:11

Quote:

Run the following few steps:
Code:
/etc/init.d/inetd restart
telnet localhost 25
quit

If you can see the lines
250-STARTTLS
250-AUTH LOGIN PLAIN
everything is fine.
I can't see this lines =)

TobiasTM 27th November 2006 19:17

Do you follow the steps here in the forum or in the HowTo ?
Because the HowTo is more up to date.

PS: If you want I can send you the german HowTo by email.

hendry 7th August 2007 11:10

Is this setup checked with the latest software at Strato? Because when following it I cannot set the quota and I have a problem starting Proftpd. I'm now setting up the server once more to see if I did something wrong


All times are GMT +2. The time now is 14:45.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.